NowSecure: Securing the Mobile World

Andrew Hoog, CEO

With the increasing prevalence of BYOD programs, end-user privacy is an overriding concern, even in highly regulated and security conscious organizations. “Enterprises can’t be ‘Big Brother,’ burn people’s batteries, or invade user privacy,” notes Andrew Hoog, CEO of NowSecure. The company takes a novel approach by put¬ting mobile users first. Though primarily a B2B company, NowSecure offers a consumer app—NowSecure Mobile—that educates users on mobile security risks and how to secure their own devices. NowSecure’s approach is radically different from most because they do not focus on anti-virus scanning. “While there is some malware concern, the larger risks are from areas that the mobile security industry has completely ignored,” states Hoog. What makes mobile so different is the combination of systems, configurations, apps and networks that make devices vulnerable to attacks. Called the SCAN principle, NowSecure’s approach involves under¬standing where the attacks are coming from and how to remediate risks at both an individual and enterprise level.

NowSecure brings four capabilities to the table that enable enterprises and individuals to manage mobile security—mobile app testing, threat analytics, end point security and forensics. Focusing originally on mobile forensics gives the company a unique advantage to identifying mobile security is-sues and designing solutions for the user and enterprise.

“Simplicity is built into the DNA of our products,” says Hoog. While detecting vulnerabilities can be complex, NowSecure works to address issues directly impacting end users. “One of the key things we deliver is visibility.” While a CIO of¬ten has complete information concerning desktop computers, they often don’t have the same level of insight when it comes to the mobile devices deployed across their organizations. NowSecure focuses on quantifying and presenting a single number to the C-suite that measures how they are dealing with mobile risks.

“If an organization has 10,000 phones, each one of those phones has its own security score. We constantly capture and aggregate factors like the device’s location, operating system, applications in¬stalled, and mobile carrier,” explains Hoog. For instance, if the device’s security score is around 80 and it goes down to 60 after an issue is detected—like t h e Heartbleed vulnerability discovered in 2014—companies are empowered to take a strategically defensive posture, including perhaps limiting a device’s access to corporate data until the issue is resolved.

“We’re on the forefront of mobile re¬search, discovering new vulnerabilities every day,” asserts Hoog. Not long ago, the company discovered flaws that affect¬ed 200 million Samsung phones. While malware is dangerous, vulnerabilities such as Corrupdate can have much more severe consequences. In Hoog’s words, “Everyone is missing that 900 pound gorilla in the room.”

The company’s solution is uniquely positioned to not only work in BYOD scenarios, but also on corporate owned phones. “Because our apps are used by individuals around the world, we have the ability to provide insight into what drives risk in real-time as it evolves across platforms like Android, iOS and others,” he adds.

Since NowSecure deploys its solutions both on-premises and in the cloud and integrates directly into a client’s development lifecycle, customers have the control they need to develop and assess apps and devices. NowSecure is set on empowering CIOs and CSOs to cope with the mobile economy. “We want to make our platform comprehensive, powerful and yet simple for those tasked with securing the mobile enterprise,” says Hoog.